ASA 5510 routing problem...

sahamed127 · ‎01-27-2010

I have the following network as shown. I seem to have some problems configuring routes for the ASA 5510.

I need hosts on 194.1.10.0/24 network (HEADQUATER) to be able to ping the hosts on 194.1.20.0/24 (BRANCH). But hosts on the headquater network can only ping the outside interface of the ASA firewall (200.200.200.2). The hosts on HQ network are not able to ping the inside interface or the host on the branch network.

This is my firewall route configuration

Outside:

network: 194.1.10.0 next-hop: 200.200.200.1

network: 194.1.30.0 next-hop: 200.200.200.1

How to fix this problem? Thanks in advance

SOL10 · ‎01-27-2010

Hi

by design you cant ping the inside interface coming in from the outside.

please post your config of the ASA - it could be your ACL's blocking echo-replies

the route on the ASA looks good but do need to the see the config of the ASA

thanks

Kureli Sankar · ‎01-27-2010

On the ASA try adding "inspect icmp" and see if that helps.

-KS

sahamed127 · ‎01-27-2010

kusankar wrote:

On the ASA try adding "inspect icmp" and see if that helps.

-KS

its not really a acl problem, i have allowed all incoming and outgoing IP traffic on both interfaces. Its more like routing problem

I have a route (to my HEADQUATER network) on my OUTSIDE interface. But i dont have this route on my INSIDE interface. Which is why the echo-reply packets cannot find a way back when i ping the inside interface.

But if i try adding a route to the inside interface....the asa says a route with the same gateway already exists

Why is this so?